This document provides instructions for configuring various network services on a Mikrotik router including:
1. Assigning IP addresses via command line and configuring DHCP and DNS server.
2. Allowing client devices to access the internet by configuring routing and NAT.
3. Blocking specific websites by adding filter rules to drop traffic to the site.
4. Setting up a hotspot to provide guest wireless access and limiting bandwidth for different user profiles on the hotspot.
It includes screenshots and step-by-step explanations for carrying out common Mikrotik router configuration tasks such as IP address assignment, enabling internet access, blocking websites, and setting up a bandwidth-limited hotspot.
DHCP stands for dynamic host configuration protocol. What it does is dynamically assign network settings from a server. In other words, instead of having to configure the parameters related to how your computer communicates with a network, it happens automatically.
Assigning an IP address dynamically is the most basic piece but there is a lot more to DHCP. This includes the netmask, host name, domain name, gateway and name servers. In addition, DHCP can supply other information such as a time server.
Many people are anti-DHCP, because they see it as a way that an ISP offers you an IP address that changes. This, of course, makes it difficult to advertise a server. On the other hand, DHCP can save you a lot of ongoing configuration work within your company or organization.
DHCP stands for dynamic host configuration protocol. What it does is dynamically assign network settings from a server. In other words, instead of having to configure the parameters related to how your computer communicates with a network, it happens automatically.
Assigning an IP address dynamically is the most basic piece but there is a lot more to DHCP. This includes the netmask, host name, domain name, gateway and name servers. In addition, DHCP can supply other information such as a time server.
Many people are anti-DHCP, because they see it as a way that an ISP offers you an IP address that changes. This, of course, makes it difficult to advertise a server. On the other hand, DHCP can save you a lot of ongoing configuration work within your company or organization.
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleNetgear Italia
La modalità ENSEMBLE di gestione centrale del wireless permette di nominare, un access point della famiglia Prosafe WAC7xx, quale master della configurazione del cluster. Esempio di configurazione passo a passo.
Installing and configuring a dhcp on windows server 2016 step by stepAhmed Abdelwahed
This lab provides the required knowledge to install and manage the DHCP on Windows Server 2016:
Contents
Lab Objective.
Install DHCP role.
DHCP Post Installation Configuration.
DHCP Authorization.
Configuring DHCP.
Create and configure new scope.
Test DHCP functionality from Windows Client (Windows 10).
How DHCP client obtain automatic IP address (DORA).
DHCP Scope Options.
Address leases.
DHCP Exclusion.
DHCP Reservation.
DHCP Filter.
Scope and Server options.
DHCP Classes.
Testing DHCP Class.
DHCP Statistics.
DHCP Advanced Options.
Integration with DNS.
Conflict detection.
DHCP Maintenance.
L2 tp i-psec vpn on windows server 2016 step by stepAhmed Abdelwahed
This lab provide complete information to deploy and configure L2TP/IPsec VPN on Windows server 2016.
Table of Contents
What is VPN?
Existing Active directory environment.
Existing DHCP Server Configuration:
VPN Server Setup and Configurations.
VPN Configuration Steps:
Step 1: Join VPN Server to ITPROLABS.XYZ domain.
Step 2: Add Remote Access role.
Step 3: Enable and configure routing and remote access (Enable VPN Service).
Step 4: Allow VPN clients to obtain TCP/IP configuration from DHCP and use internal DNS.
Step 5: Configure a preshared key for IPSec connection.
Allowing internet users to connect through VPN..
Step 1: Active Directory Configuration.
Step 2: Configure the Remote Access policies (NPS).
Testing.
Create VPN connection from windows 10 Client.
Allow internet connectivity with VPN..
Connect to VPN..
Check connected VPN client Status.
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleNetgear Italia
La modalità ENSEMBLE di gestione centrale del wireless permette di nominare, un access point della famiglia Prosafe WAC7xx, quale master della configurazione del cluster. Esempio di configurazione passo a passo.
Installing and configuring a dhcp on windows server 2016 step by stepAhmed Abdelwahed
This lab provides the required knowledge to install and manage the DHCP on Windows Server 2016:
Contents
Lab Objective.
Install DHCP role.
DHCP Post Installation Configuration.
DHCP Authorization.
Configuring DHCP.
Create and configure new scope.
Test DHCP functionality from Windows Client (Windows 10).
How DHCP client obtain automatic IP address (DORA).
DHCP Scope Options.
Address leases.
DHCP Exclusion.
DHCP Reservation.
DHCP Filter.
Scope and Server options.
DHCP Classes.
Testing DHCP Class.
DHCP Statistics.
DHCP Advanced Options.
Integration with DNS.
Conflict detection.
DHCP Maintenance.
L2 tp i-psec vpn on windows server 2016 step by stepAhmed Abdelwahed
This lab provide complete information to deploy and configure L2TP/IPsec VPN on Windows server 2016.
Table of Contents
What is VPN?
Existing Active directory environment.
Existing DHCP Server Configuration:
VPN Server Setup and Configurations.
VPN Configuration Steps:
Step 1: Join VPN Server to ITPROLABS.XYZ domain.
Step 2: Add Remote Access role.
Step 3: Enable and configure routing and remote access (Enable VPN Service).
Step 4: Allow VPN clients to obtain TCP/IP configuration from DHCP and use internal DNS.
Step 5: Configure a preshared key for IPSec connection.
Allowing internet users to connect through VPN..
Step 1: Active Directory Configuration.
Step 2: Configure the Remote Access policies (NPS).
Testing.
Create VPN connection from windows 10 Client.
Allow internet connectivity with VPN..
Connect to VPN..
Check connected VPN client Status.
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
Agenda
• IEC 62443 IACS standard
• Scope and why
• DHCP protocol and how it works
• DHCP’s Vulnerabilities
• Types of Cyber Attacks to DHCP
• Defense by network security DHCP Snooping
• Korenix products with advanced security features
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. P a g e 2 | 73
Table of Contents
1. How to assign IP address with command line..............................................................................3
2. Configure DHCP and DNS Server......................................................................................................3
Let’s Client test DHCP ...........................................................................................................................7
3. Allow clients access Internet ............................................................................................................11
Let’s Client Test access internet......................................................................................................13
Configure NAT........................................................................................................................................14
Let’s Client Test access internet again..........................................................................................16
4. Block Website or Domain...................................................................................................................17
Let’s Client Test.....................................................................................................................................20
5. Configure Hotspot.................................................................................................................................21
Limit user bandwidth based on user profile of Hotspot ..........................................................25
Let’s Client Test Speed AWS-IT.......................................................................................................28
Let’s Client Test Speed AWS-HR.....................................................................................................29
Bypassing.................................................................................................................................................30
IP Binding ............................................................................................................................................30
Walled Garden....................................................................................................................................32
6. Setup and Configure User Manager with Hotspot.....................................................................34
7. Configure VPN Server..........................................................................................................................40
Enable VPN Server (PPTP Server)...................................................................................................40
Create Pool of VPN ...............................................................................................................................41
Create VPN Profile ................................................................................................................................42
Create User of VPN to authentication............................................................................................42
8. Configure VPN Client ...........................................................................................................................43
9. Configure VPN Site-to-Site................................................................................................................48
On Router Site-1...................................................................................................................................48
Change Hostname and interface on Router (Site-1) ...........................................................48
Create Peer .........................................................................................................................................51
Change Proposal................................................................................................................................52
Create Policies....................................................................................................................................53
Create Firewall NAT bypass...........................................................................................................54
On Router Site-2...................................................................................................................................55
Change Hostname and interface on Router (Site-2) ...........................................................55
Create Peer .........................................................................................................................................57
Change Proposals .............................................................................................................................59
Create Policies....................................................................................................................................59
Create Firewall NAT bypass...........................................................................................................60
Let’s Testing VPN Site-to-Site..........................................................................................................61
On Router Site-1...............................................................................................................................61
On Router Site-2...............................................................................................................................64
10. Configure Proxy (Cache)....................................................................................................................66
Enable Web Proxy.................................................................................................................................66
Transparent Proxy ................................................................................................................................68
Block websites, extensions and redirect website......................................................................70
3. P a g e 3 | 73
1.How to assign IP address with command line
On Mikrotik Router OS you can assign IP address by command line and interface.
This this how to assign IP address with command line, please follow it.
2.Configure DHCP and DNS Server
The first of all, you should configure DNS. Please follow this pictures below.
4. P a g e 4 | 73
After you configure DNS already, please configure DHCP to let client get IP address
automatically from Mikrotik Router. Please follow in this pictures!
5. P a g e 5 | 73
In this point you just click on DHCP Setup.
After then, you just choose which interface that you want provide IP address to client
and then, click next and next.
6. P a g e 6 | 73
In this point you can select pool of IP give out that you want. For example, 99 IP
address, so should 192.168.5.2-192.168.5.100
7. P a g e 7 | 73
Let’s Client test DHCP
You can type this command ncpa.cpl and then double click on Local Area
Connection
8. P a g e 8 | 73
In this point just click Properties
Please click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties
9. P a g e 9 | 73
Click on Obtain an IP address automatically and Obtain DNS server address
automatically, after then click OK.
Please release your IP address by use command > ipconfig/release and then use
command > ipconfig/renew to get IP address, after then test ping to WAN and LAN
11. P a g e 11 | 73
3.Allow clients access Internet
To allow clients can access Internet, you make sure that you configured Rote and
NAT, so please follow this picture. This point mean that Mikrotik Router cannot access
to internet, so please do route.
12. P a g e 12 | 73
On Gateway, please put IP Gateway of WAN. And then click Apply > OK
13. P a g e 13 | 73
Let’s Mikrotik Router ping to internet like > ping 8.8.8.8
Let’s Client Test access internet
In this case client cannot access to Internet because, you not yet configure NAT, so
please configure NAT.
14. P a g e 14 | 73
Configure NAT
To configure NAT, please follow this pictures. Go to IP > Firewall
Click on NAT and then add it by use (+)
15. P a g e 15 | 73
In General, Chain: srcnat and Out. Interface: ether1 (interface that connect with
WAN)
In Action, Action:masquerade and then click Apply and OK
Note: masquerade is a method that used to translate IP Private to IP Public
(Internet). It means that, your IP Private cannot communication with Internet. If
you want IP Private can communication with Internet, you just configure NAT and
choose the Action masquerade.
16. P a g e 16 | 73
Let’s Client Test access internet again
17. P a g e 17 | 73
4.Block Website or Domain
In this point you can block all website that you want, but I will block only facebook.
Click IP > Firewall
18. P a g e 18 | 73
Click on Filter Rules and then click + to add website to block it.
In General, Chain: Forward
19. P a g e 19 | 73
In Advanced, on the Content : facebook.com (put website that you want to block)
In Action, Action: drop and then click Apply and OK
20. P a g e 20 | 73
Let’s Client Test
Client cannot access website facebook.com because we block it at the moment.
21. P a g e 21 | 73
5.Configure Hotspot
To configure hotspot, please follow on this pictures. Go to IP > Hotspot
In this point you just click Hotspot Setup
22. P a g e 22 | 73
Choose interface that you want to share your hotspot (interface LAN). And then click
Next.
You just click Next.
Select pool for Hotspot addresses and then click Next.
24. P a g e 24 | 73
It is default of user in Mikrotik Router.
This point is successfully and then click OK. Note: when you click OK it will disconnect
to Router, so you must login hotspot first and then you can connect to Router as
normal.
25. P a g e 25 | 73
When you access to internet, it will alert authentication from hotspot.
Limit user bandwidth based on user profile of Hotspot
26. P a g e 26 | 73
You can create user profile name that you want and then, on Rate Limit:
1024k/4096k (upload/download), after then, click Apply and OK
This point you need to create user to login your hotspot service. Click Users > +
27. P a g e 27 | 73
In General, Name: AWS-IT (name that you want) and assign password on this user.
After then on Profile: Technical Department (User Profile that you create) and click
Apply > OK
Now I will create one more User Profile name HR Department and Rate Limit:
1024k/2048k click Apply > OK
28. P a g e 28 | 73
Create one more User for HR Department Profile. Follow it.
Let’s Client Test Speed AWS-IT
This is user AWS-IT in Technical Department.
29. P a g e 29 | 73
Speed that AWS-IT have 1024k/4096k
Let’s Client Test Speed AWS-HR
This is user AWS-HR in HR Department
30. P a g e 30 | 73
Speed that AWS-HR have 1024k/2048k
Bypassing
IP Binding
IP Binding is an option that we used to specific user that can access internet without
authentication from web page (Hotspot) based on IP address and mac address of
user.
This is an IP address of user, it can access internet by authentication from Hotspot
31. P a g e 31 | 73
Before we configure IP Binding, This IP address of user have authentication of
Hotspot Service.
This a Physical Address or Mac address of user, just type > ipconfig/all to see it.
32. P a g e 32 | 73
This is the point that show you about how to configure it. Please follow it. The first,
into IP > Hotspot > IP Bindings > + and then put mac address and IP address of
user, on the Type point, you just choose bypassed and then click Apply > OK
Did you see, this IP address of user can access internet without authentication from
Hotspot service.
Walled Garden
Walled Garden is an option that we used to access internet by specific website
without authentication from Hotspot service based on IP address of user. Please
remember that, if you had configure IP Bindings, you should disable it first, and then
you can configure Walled Garden.
Note: If different user or IP address no need to disable IP Binding. But in this picture
I choose the same user or IP address to test it.
33. P a g e 33 | 73
The first, Please disable IP Bindings.
Click on Walled Garden > + and then put IP address of User that you want it to
access specific website, after then put the website that you want user access it. Click
Apply > OK.
34. P a g e 34 | 73
6.Setup and Configure User Manager with Hotspot
39. P a g e 39 | 73
Let’s test access to internet.
40. P a g e 40 | 73
Test Speed that you limit.
7.Configure VPN Server
Enable VPN Server (PPTP Server)
To configure VPN Server Point to Point, the first, just enable PPTP Server. PPP >
Interface > PPTP Server and then click Enable
41. P a g e 41 | 73
Create Pool of VPN
To create pool just go to IP > Pool. Why we need creat pool of VPN? Because we
don’t want other side know our IP address of our LAN, so when we use this pool,
network out side that want to connect our VPN will get the IP address that we
create in Pool of VPN.
Click + and then assign name of pool and assign address of pool.
42. P a g e 42 | 73
Create VPN Profile
Go to PPP > Profile assign name of profile and put Local address and choose
Remote address, don’t forget put DNS Server.
Create User of VPN to authentication
Go to PPP > Secrets and then assign name and password on the Profile point just
choose Profile of VPN that you created.
43. P a g e 43 | 73
8.Configure VPN Client
We need to configure VPN Client to let client can remote to VPN Server.
In Control Panel > Network and Internet > Network and Sharing Center and then
follow in this picture
45. P a g e 45 | 73
This the name of VPN that you create.
46. P a g e 46 | 73
When it finished, it will show you like this.
47. P a g e 47 | 73
When you connect VPN done, you can see the IP address of VPN Pool that you
assign on Pool.
Double click on VPN Connection and then click Details…
48. P a g e 48 | 73
This is the IP Pool of VPN.
9.Configure VPN Site-to-Site
To configure VPN Site-to-Site, the first, make sure that both of site can access to
internet.
On Router Site-1
Change Hostname and interface on Router (Site-1)
50. P a g e 50 | 73
Assign IP address on each interface
51. P a g e 51 | 73
For this point make sure you were configured NAT by masquerade and Route. And
then let’s client access internet.
Create Peer
Before you create peer, you should create rule of IPsec first. Please follow this
picture.
Why we need create peer? Because we want to get information from other site
(Site-2) to communication to each other. Please follow this picture!!!
52. P a g e 52 | 73
On the Address please put IP of WAN in Site-2
Change Proposal
On the Proposals menu, you just double click like picture show and then, change
proposals follow your encryption.
53. P a g e 53 | 73
Create Policies
After we create Peer and change Proposals already, please create policies to put
some information of each Router to know each other. So in General menu, you just
follow in this picture.
NOTE: Src. Address: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
Dst. Addrsss: 192.168.6.0/24 is the Network IP of LAN in Router Site-2
On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN
in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
54. P a g e 54 | 73
Create Firewall NAT bypass
We need to create firewall nat bypass to let both of sites can communication.
Please follow this picture.
55. P a g e 55 | 73
For this point you must put Nat bypass rule the top of other rule in firewall Nat.
On Router Site-2
Change Hostname and interface on Router (Site-2)
59. P a g e 59 | 73
Change Proposals
Create Policies
After we create Peer and change Proposals already, please create policies to put
some information of each Router to know each other. So in General menu, you just
follow in this picture.
NOTE: Src. Address: 192.168.6.0/24 is the Network IP of LAN in Router Site-2
Dst. Addrsss: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
60. P a g e 60 | 73
On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN
in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
Create Firewall NAT bypass
61. P a g e 61 | 73
Let’s Testing VPN Site-to-Site
On Router Site-1
The first please Test ping to IP address of Site-2
62. P a g e 62 | 73
After you test ping to each other already, please test with file share. Please follow
this pictures
66. P a g e 66 | 73
10. Configure Proxy (Cache)
Enable Web Proxy
67. P a g e 67 | 73
Client cannot access Internet without Proxy, so please configure proxy of client follow
this pictures
IP address that put is IP address of LAN.
68. P a g e 68 | 73
After assign it already, please test access Internet.
Transparent Proxy
To make transparent proxy, you should create firewall nat (dstnat). Follow this
pictures
69. P a g e 69 | 73
On Action menu, please choose redirect and to port 8080
Let’s client test without assign IP of Proxy. Please follow in this pictures
70. P a g e 70 | 73
Let’s client access to internet.
Block websites, extensions and redirect website
This point I will block youtube.com
71. P a g e 71 | 73
In this point I will block extensions (.mp3)
Test access to youtube.com website
72. P a g e 72 | 73
Test download mp3, please follow in this pictures
This point I will block sabay.com and redirect to awspl.com website. Please follow
this picture
73. P a g e 73 | 73
Test access sabay.com and it will redirect to awspl.com
This are some references
Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) ~ Binary Heartbeat
Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode | Syed Jahanzaib
Personal Blog to Share Knowledge !
Mikrotik IPSEC Site-to-Site – TNSolutions
http://routeros.butchevans.com/routeros-6.27/all_packages_mipsbe/
Limit number connection based on user profile, Mikrotik Hotspot - OA Ultimate